[ltb-dev] [LDAP Tool Box - Bug #863] Password Token Expiring

noreply at lsc-project.org noreply at lsc-project.org
Mon May 23 17:17:28 CEST 2016


Issue #863 has been updated by Clément OUDOT.


Well this is weird.

You can try to disable the session garbage collector tuning in the code by commenting following lines in pages/resetbytokens.php:
<pre>
    # Manage lifetime with sessions properties
    //if (isset($token_lifetime)) {
    //    ini_set("session.gc_maxlifetime", $token_lifetime);
    //    ini_set("session.gc_probability",1);
    //    ini_set("session.gc_divisor",1);
    //}
</pre>

The timeout will still be checked with the 'time' parameter registered in the session.

----------------------------------------
Bug #863: Password Token Expiring
http://tools.lsc-project.org/issues/863

Author: Jeff G
Status: New
Priority: High
Assigned to: 
Category: Self Service Password
Target version: self-service-password-?


It seems the password tokens expire when a new one is requested, even for completely different people. If I request a password reset token for client A, then 5 minutes later for client B, client A will no longer be able to reset their password using the token they were sent. Is this normal?


-- 
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ltb-project.org/pipermail/ltb-dev/attachments/20160523/be7c6650/attachment.htm>


More information about the ltb-dev mailing list